package com.xiumu.config.satoken;

import cn.dev33.satoken.context.SaHolder;
import cn.dev33.satoken.exception.BackResultException;
import cn.dev33.satoken.filter.SaServletFilter;
import cn.dev33.satoken.router.SaRouter;
import cn.hutool.core.util.StrUtil;
import cn.hutool.json.JSONUtil;
import com.xiumu.common.core.exception.base.SysException;
import com.xiumu.common.core.result.ResultJSON;
import com.xiumu.config.XiuMuProperties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class SaTokenConfig {

    @Autowired
    private XiuMuProperties xiuMuProperties;

    /**
     * 注册 [sa-token全局过滤器], 并允许跨域
     */
    @Bean
    public SaServletFilter getSaServletFilter() {
        return new SaServletFilter()
                .addInclude("/**")
                // 前置函数：在每次认证函数之前执行
                .setBeforeAuth(r -> {
                    // ---------- 设置跨域响应头 ----------
                    String origin = SaHolder.getRequest().getHeader("Origin");
                    if (StrUtil.isNotBlank(origin) &&
                            !SaHolder.getRequest().getUrl().contains(origin) &&
                            !xiuMuProperties.getAllowedCorsHost().contains(origin)){
                        SaHolder.getResponse().setHeader("Content-Type", "application/json; charset=utf-8");
                        throw new BackResultException(JSONUtil.toJsonStr(ResultJSON.failure(SysException.INVALID_CORS)));
                    }
                    SaHolder.getResponse()
                            // 允许指定域访问跨域资源
                            .setHeader("Access-Control-Allow-Origin", origin)
                            .setHeader("Access-Control-Allow-Credentials", "true")
                            // 允许所有请求方式
                            .setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, DELETE, OPTIONS")
                            // 有效时间
                            .setHeader("Access-Control-Max-Age", "3600")
                            // 允许的header参数
                            .setHeader("Access-Control-Allow-Headers", "*");

                    // 如果是预检请求，直接返回
                    if ("OPTIONS".equals(SaHolder.getRequest().getMethod())) {
                        SaRouter.back();
                    }
                });
    }


}
